1. Field of the Invention
The present invention relates to a method of verifying memory integrity of a remote device. More particularly, the present invention relates to a method and apparatus for verifying integrity of a remote device memory in which a data block of the memory is retrieved at a remote device based on verification parameters received from a verifier.
2. Description of the Related Art
FIG. 1 illustrates an integrity check of a remote device known in the prior art.
Referring to FIG. 1, remote network devices such as televisions (TV), set-top boxes, mobile phones, LAN-based or WAN-based personal computers (PCs) and small sensors are easy targets of hackers. Network hosts or service providers are sometimes unable to prevent the hackers from tampering with the above devices.
It is not easy for the network hosts or the service providers to physically check the remote devices and check whether an unauthorized user has accessed their software applications and tampered with the devices. Therefore, a memory integrity check in a network is required. The ‘integrity’ in the sense of a network security refers to the guarantee that only the authorized person is allowed to access or change the data provided by the network.
Conventionally, a digest value with respect to selected software, or hash values with respect to a memory area of the remote device have been used to check the integrity of a remote device.
In using the hash values, for example, first, hash values are generated by inserting a random seed in a memory area, and the random seed, hash function and information about the memory to check, are transmitted to the remote device. The remote device generates hash values of the memory area using the information received from the verifier, and sends the generated hash values to the verifier. The verifier checks the integrity of the memory area by comparing the hash values generated at the verifier with respect to the memory area on one hand, with the hash values generated at the remote device with respect to the memory area on the other hand.
This method, however, has the drawback of inaccuracy because the integrity check is skipped when malignant codes such as a virus change the location of the memory after attack.
Meanwhile, in using the digest values with respect to the selected software, digest values with respect to the software stored in the remote device are authenticated and stored in the memory. The software integrity is checked by comparing the authenticated digest values with digest values which are obtained by applying a separate hash function to the selected software. However, this method has a drawback in that it can be applied to the integrity check with respect to the software stored in the remote device only.
Accordingly, there is a need for an integrity check that is seamless against the location-shifting attacks of malignant codes and that enables an integrity check from outside of the remote device, not only in remote device booting but also at run-time.